SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 130

Cryptocurrency Malware Accountability Banking 130

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

Malwarebytes

JULY 19, 2021

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. Folks already involved in cryptocurrency would likely have suspicions raised after reading the below. It’s all about that personal touch in the land of cryptocurrency scams.

Accountability 105

Accountability Scams Cryptocurrency Banking 105

SecureList

MAY 6, 2024

With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.

Phishing 99

Phishing Banking Mobile Scams 99

Malwarebytes

SEPTEMBER 11, 2023

The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. Once active, the malware can be used for several malicious activities like remote access, cryptocurrency mining, keylogging, clipboard stealing, and information stealing. exe and a bundled script.

Malware 114

Malware Social Engineering Cryptocurrency Cybercrime 114

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. According to El Reg , Terpin's cryptocurrency of choice was TRIG, which was worth $7 then.

Cryptocurrency 88

Cryptocurrency Social Engineering Accountability Media 88

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 289

Malware Software Technology Accountability 289

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 100

Scams Phishing Cryptocurrency Social Engineering 100

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. Trezor WARNING: Elaborate Phishing attack.

Phishing 108

Phishing Data breaches Cryptocurrency Social Engineering 108

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 100

Cryptocurrency Malware Authentication Banking 100

Security Boulevard

MAY 19, 2022

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network. Key points.

Media 64

Media Social Engineering Backups Passwords 64

Malwarebytes

OCTOBER 20, 2022

A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. Social engineering attacks and malware form the core of Ducktail's modus operandi.

Social Engineering 77

Social Engineering Malware Accountability Engineering 77

Security Affairs

JULY 24, 2020

Twitter confirmed that hackers accessed the direct message (DM) inboxes of some of the accounts that were recently compromised. Last week, the social media giant Twitter revealed that hackers compromised 130 accounts in the attack that took place on July 15 and downloaded data from eight of them. ” wrote Krebs.

Accountability 89

Accountability Advertising Cryptocurrency Social Engineering 89

Malwarebytes

APRIL 7, 2021

Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. According to the Washington Post , the fake Trezor app, which was on the App Store for at least two weeks (from 22 January to 3 February), was downloaded 1,000 times before it was taken down.

Cryptocurrency 104

Cryptocurrency Scams Engineering Accountability 104

Security Affairs

MAY 19, 2023

TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies. was not accidental, because agent-base is the name of a legitimate npm package with tens of million downloads.

Encryption 74

Encryption Social Engineering Malware Cryptocurrency 74

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 299

Mobile Phishing Authentication Accountability 299

Malwarebytes

AUGUST 13, 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. One of the sneakiest ways to grab a code is to jump into customer support discussions on social media. Scammers set up fake customer support style accounts, then direct potential victims to phishing pages hosted elsewhere. Recovery code theft.

Scams 105

Scams Cryptocurrency Social Engineering Media 105

SecureList

MARCH 7, 2024

To get access to the content (or contest), phishing sites prompted the victim to sign in to one of their gaming accounts. If the victim entered their credentials on the phishing form, the account was hijacked. The information could later be used to steal both funds from victims’ accounts and their identities.

Phishing 101

Phishing Scams Cryptocurrency Accountability 101

eSecurity Planet

SEPTEMBER 15, 2022

The Shikitega attack consists of a “multistage infection chain where each module responds to a part of the payload and downloads and executes the next one,” the AT&T researchers wrote. Two of them regard the current user and the rest are for the root account. See the Top Patch Management Solutions. Multistage Infection Chain.

Malware 114

Malware Social Engineering System Administration Antivirus 114

SC Magazine

MAY 12, 2021

Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app. If targets later tried to withdraw funds or close the account, the attackers would block access. Photo by Justin Sullivan/Getty Images).

Scams 62

Scams Cryptocurrency Social Engineering Banking 62

Security Affairs

JANUARY 23, 2022

” Malicious websites could also deliver malware on the victims’ devices or hijack their payments to accounts under their control. Never download an app from a QR code, avoid making any payment requested through unsolicited email that uses social engineering techniques to trick recipients into scanning the embedded QR code.

Cryptocurrency 92

Cryptocurrency Social Engineering Malware Scams 92

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm. How to spot phishing emails.

Phishing 84

Phishing Social Engineering Scams Identity Theft 84

Security Boulevard

MARCH 31, 2022

RedLine is a malware service available for purchase on underground forums that specifically targets the theft of sensitive information: passwords, credit cards, execution environment data, computer name, installed software, and more recently, cryptocurrency wallets and related files. OpenLink - open a link in the default browser.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. The threat actor uses social engineering to infect a PoS terminal.

DNS 101

DNS Malware Cryptocurrency Retail 101

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 243

Mobile Cryptocurrency Accountability Passwords 243

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking 299

Hacking Accountability Scams Media 299

eSecurity Planet

SEPTEMBER 14, 2022

To this end, some impressive technology has been created to combat the technological side of the issue, to keep hackers and similar bad actors from accessing data and account privileges they shouldn’t. Then, we’ll go over the basic, foundational techniques most scammers find themselves using, such as social engineering and phishing.

Social Engineering 117

Social Engineering Energy and Utilities Phishing Scams 117

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 82

Spyware Hacking Malware Social Engineering 82

Security Affairs

AUGUST 16, 2023

The content of the message attempt to trick the recipient into scanning the code to verify their account. “Email lures came in the form of updating account security surrounding 2FA, MFA, and general account security. The emails urge the recipient to complete the procedure in 2-3 days. ” continues the report.

Phishing 81

Phishing Energy and Utilities Insurance Manufacturing 81

SecureList

NOVEMBER 23, 2021

We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. In fact, from January through the end of October, Kaspersky detected more than 2,300 fraudulent global resources aimed at 85,000 potential crypto investors or users who are interested in cryptocurrency mining. Extortion on the rise.

Cryptocurrency 110

Cryptocurrency Banking Cybercrime Ransomware 110

SecureList

NOVEMBER 22, 2022

Unlike common stealers, this malware gathered data that can be used to identify the victims, such as browsing histories, social networking account IDs and Wi-Fi networks. Cryptocurrency targeted attacks. More cryptocurrency-related threats: fake hardware wallets, smart contract attacks, DeFi hacks, and more.

Cryptocurrency 91

Cryptocurrency Mobile Ransomware Banking 91

SecureList

DECEMBER 6, 2022

Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on their own accord. Posing as AOL employees, the scammers sent messages asking users to verify their accounts or asking for payment details.

Scams 98

Scams Phishing Social Engineering Banking 98

SecureList

SEPTEMBER 6, 2022

One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave. The share of various Trojans that use popular games as a lure remains solid, with Trojan-SMS, Trojan-Downloader, and Trojan-Spy among the TOP 10 threats. Trojan-SMS.

Mobile 101

Mobile Passwords Software Accountability 101

SecureWorld News

AUGUST 2, 2022

New research from security firm CloudSEK shows that more than 3,200 mobile applications were leaking Twitter API (Application Program Interface) keys, which can be used to gain access and take over user accounts. Of those, 230 were leaking all four authorization credentials and could be used to fully take over Twitter accounts.

Mobile 79

Mobile Accountability Identity Theft Cryptocurrency 79

Malwarebytes

FEBRUARY 8, 2023

The Ryuk ransoms, paid in cryptocurrency such as Bitcoin, were split into smaller portions and then forwarded on to multiple cryptocurrency wallets and then placed into exchange accounts for other forms of currency. Keep threats off your devices by downloading Malwarebytes today. Educate your staff.

Ransomware 83

Ransomware Backups Cryptocurrency Social Engineering 83

Security Boulevard

AUGUST 3, 2022

230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. Some of those sensitive actions include reading Direct Messages, retweeting, deleting messages, liking messages, and getting account settings. Twitter API.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. For example, one website offered users to obtain a COVID vaccination certificate by entering their British National Health Service (NHS) account credentials.

Phishing 95

Phishing Scams Accountability Energy and Utilities 95